| Summary: | wireshark new releases 1.6.13 and 1.8.5 fix security issues | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://www.wireshark.org/news/20130129.html | ||
| Whiteboard: | has_procedure mga2-32-ok MGA2-64-OK | ||
| Source RPM: | wireshark-1.6.12-1.mga2.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2013-01-30 03:05:21 CET
Updated packages uploaded for Mageia 2 and Cauldron. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors (wnpa-sec-2013-01). The CLNP dissector could crash (wnpa-sec-2013-02). The DTN dissector could crash (wnpa-sec-2013-03). The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04). The DTLS dissector could crash (wnpa-sec-2013-05). The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07). The Wireshark dissection engine could crash (wnpa-sec-2013-08). The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09). References: http://www.wireshark.org/security/wnpa-sec-2013-01.html http://www.wireshark.org/security/wnpa-sec-2013-02.html http://www.wireshark.org/security/wnpa-sec-2013-03.html http://www.wireshark.org/security/wnpa-sec-2013-04.html http://www.wireshark.org/security/wnpa-sec-2013-05.html http://www.wireshark.org/security/wnpa-sec-2013-07.html http://www.wireshark.org/security/wnpa-sec-2013-08.html http://www.wireshark.org/security/wnpa-sec-2013-09.html http://www.wireshark.org/docs/relnotes/wireshark-1.6.13.html http://www.wireshark.org/news/20130129.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.6.13-1.mga2 libwireshark1-1.6.13-1.mga2 libwireshark-devel-1.6.13-1.mga2 wireshark-tools-1.6.13-1.mga2 tshark-1.6.13-1.mga2 rawshark-1.6.13-1.mga2 dumpcap-1.6.13-1.mga2 from wireshark-1.6.13-1.mga2.src.rpm Version:
Cauldron =>
2 Some PoC's https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7871 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8111 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8213 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 Testing mga2 32 Before ------ $ wireshark 8023-slow-protocols.pcap 17:05:20 Warn Dissector bug, protocol 802.3 Slow protocols, in packet 1: More than 1000000 items in the tree -- possible infinite loop 17:05:21 Warn Dissector bug, protocol 802.3 Slow protocols, in packet 1: More than 1000000 items in the tree -- possible infinite loop ^C The above causes max cpu load and the errors seen. Killed with ctrl-c. $ tshark -nr fuzz-2012-10-16-23114.pcap ...etc Segmentation Fault $ tshark -nr fuzz-2012-10-31-25737.pcap No ill effect, also tried with wireshark. $ wireshark packet-ms-mms.pcap No ill effect, also tried tshark. $ wireshark packet-dtls.pcap Segmentation fault $ tshark -nr process_packet.pcap No ill effect, but crashes with wireshark. $ wireshark process_packet.pcap 17:19:25 Err Memory corrupted Trace/breakpoint trap $ wireshark packet-per.pcap No error, also tried tshark. After ----- Repeated the tests without issue. Captures ok when started as root. Testing complete mga2 32 Whiteboard:
(none) =>
has_procedure mga2-32-ok Testing complete on Mageia 2 x86-64. Identical to i586 results. Could someone from the sysadmin team push the srpm wireshark-1.6.13-1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Updated wireshark packages fix security vulnerabilities: Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors (wnpa-sec-2013-01). The CLNP dissector could crash (wnpa-sec-2013-02). The DTN dissector could crash (wnpa-sec-2013-03). The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04). The DTLS dissector could crash (wnpa-sec-2013-05). The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07). The Wireshark dissection engine could crash (wnpa-sec-2013-08). The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09). References: http://www.wireshark.org/security/wnpa-sec-2013-01.html http://www.wireshark.org/security/wnpa-sec-2013-02.html http://www.wireshark.org/security/wnpa-sec-2013-03.html http://www.wireshark.org/security/wnpa-sec-2013-04.html http://www.wireshark.org/security/wnpa-sec-2013-05.html http://www.wireshark.org/security/wnpa-sec-2013-07.html http://www.wireshark.org/security/wnpa-sec-2013-08.html http://www.wireshark.org/security/wnpa-sec-2013-09.html http://www.wireshark.org/docs/relnotes/wireshark-1.6.13.html http://www.wireshark.org/news/20130129.html https://bugs.mageia.org/show_bug.cgi?id=8897 Keywords:
(none) =>
validated_update Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0034 Status:
NEW =>
RESOLVED |